It's the same for html5 web exports, they just have to know where to look.
In fact all someone needs to show your game somewhere else is to know where the index file is.
It's up to the host to block that kind of thing, which of course may also limit the game's functionality.
It's up to you to sitelock your games, and of course they don't provide that information readily.
Not sure htf you're supposed to do that with nwjs.
In my case only the NW.js part would be important.
I find it very concerning that the exported end-product lacks in security, I hope that C3 brings changes to that.
I remember a few years ago, I found a clever way of security for open art assets like these.
It was some sort of software creator (cannot remember the name of it)
and the way that their software handled this problem was by injecting a watermark layer to all art assets.
So I can guess the process was structured like this:
1. Load asset with watermark
2. Remove watermark
3. Show asset inside the software without watermark
I have no clue how they managed to create a system like that because I was unable to remove the watermark,
using any kind of image editing software with layer support (e.g. Photoshop, Paint.NET).
I don't want to be rude with this suggestion either, I just want to give an example on how to secure assets.